PGP: Pretty Good Privacy

Overview

Use of the Internet is expanding beyond anyone's expectations. As corporations, government offices, and ordinary citizens begin to rely on the information highway to conduct business, they are realizing how important it is to protect their communications — both to keep them a secret from prying eyes and to ensure that they are not altered during transmission. Encryption, which until recently was an esoteric field of interest only to spies, the military, and a few academics, provides a mechanism for doing this.

PGP, which stands for Pretty Good Privacy, is a free and widely available encryption program that lets you protect files and electronic mail. Written by Phil Zimmermann and released in 1991, PGP works on virtually every platform and has become very popular both in the U.S. and abroad. Because it uses state-of-the-art public key cryptography, PGP can be used to authenticate messages, as well as keep them secret. With PGP, you can digitally "sign" a message when you send it. By checking the digital signature at the other end, the recipient can be sure that the message was not changed during transmission and that the message actually came from you.

PGP offers a popular alternative to U.S. government initiatives like the Clipper Chip because, unlike Clipper, it does not allow the government or any other outside agency access to your secret keys.

PGP: Pretty Good Privacy by Simson Garfinkel is both a readable technical user's guide and a fascinating behind-the-scenes look at cryptography and privacy. Part I, "PGP Overview," introduces PGP and the cryptography that underlies it. Part II, "Cryptography History and Policy," describes the history of PGP — its personalities, legal battles, and other intrigues; it also provides background on the battles over public key cryptography patents and the U.S. government export restrictions, and other aspects of the ongoing public debates about privacy and free speech. Part III, "Using PGP," describes how to use PGP: protecting files and email, creating and using keys, signing messages, certifying and distributing keys, and using key servers. Part IV, "Appendices," describes how to obtain PGP from Internet sites, how to install it on PCs, UNIX systems, and the Macintosh, and other background information. The book also contains a glossary, a bibliography, and a handy reference card that summarizes all of the PGP commands, environment variables, and configuration variables.

Pretty Good Privacy, or "PGP", is an encryption program widely available on the Internet. The program runs on MS-DOS, UNIX, and the Mac. PGP: Pretty Good Privacy offers both a readable technical user's guide and a fascinating behind-the-scenes look at cryptography and privacy, explaining how to get PGP from publicly available sources and how to install it on various platforms.

Product Details

  • ISBN-13: 9781565920989
  • Publisher: O'Reilly Media, Incorporated
  • Publication date: 12/28/1994
  • Edition description: New Edition
  • Edition number: 1
  • Pages: 432
  • Sales rank: 773,643
  • Product dimensions: 7.01 (w) x 9.17 (h) x 0.97 (d)

Meet the Author

Simson Garfinkel, CISSP, is a journalist, entrepreneur, and international authority on computer security. Garfinkel is chief technology officer at Sandstorm Enterprises, a Boston-based firm that develops state-of-the-art computer security tools. Garfinkel is also a columnist for Technology Review Magazine and has written for more than 50 publications, including Computerworld, Forbes, and The New York Times. He is also the author of Database Nation; Web Security, Privacy, and Commerce; PGP: Pretty Good Privacy; and seven other books. Garfinkel earned a master's degree in journalism at Columbia University in 1988 and holds three undergraduate degrees from MIT. He is currently working on his doctorate at MIT's Laboratory for Computer Science.

Table of Contents

Foreword

Preface

Part I: PGP Overview

Chapter 1: Introduction to PGP
Why PGP? The Case for Encryption
Your Mail Can Go Astray
Protecting Your Privacy
Where Did PGP Come from?
Basic PGP Terminology
Keys: Public, Secret, and Session
Key Certificates
Key Rings
Pass Phrases
Digital Signatures
Signatures on Key Certificates
How to Run PGP
The Command Line Interface
Getting Help (-h Option)
Specifying Command Line Arguments
Using ASCII Armor (-a Option)
Encrypting and Signing Email (-e and -s Options)
PGP File Extensions
PGP Environment Variables
PGP Configuration Variables
The PGP Language File
PGP and Its Competitors
Key Certification with PGP

Chapter 2: Cryptography Basics
How Does Simple Cryptography Work?
Codes
Ciphers
Substitution ciphers
One-Time Pads
Keys and Key Length
Breaking the Code
Brute force (key search) attack
Cryptanalysis
Private Key Cryptography
Private Key Algorithms
A Private Key Example
Problems with Private Key Cryptography
The Key Distribution Center
The Outlook for Private Key
Public Key Cryptography
Public Key Systems
Advantages of Public Key Systems
Digital Signatures
Using Private and Public Key Cryptography Together
How Good is Cryptography?
The Strong and the Weak
The Case for Weakness
What Encryption Can't Do
U.S. Restrictions on Cryptography
Cryptography and the U.S. Patent System
Cryptography and Export Controls

Part II: Cryptography History and Policy

Chapter 3: Cryptography Before PGP
Cryptography Through the Ages
National Security and the NSA
Lucifer and the DES
The National Bureau of Standards
The Security of the DES
DES Cracking
Alternatives to the DES
Public Key Cryptography
Ralph Merkle's Puzzles
Diffie-Hellman Multi-User Techniques
Diffie-Hellman Exponential Key Exchange
The Birth of RSA
How does RSA work?
Technical Memorandum #82
The Rise and Fall of Knapsacks
Taking Public Key to Market

Chapter 4: A Pretty Good History of PGP
Phil Zimmermann: On the Road to PGP
Metamorphic Systems
Charlie Merritt
Phil Zimmermann Meets Public Key
Face to Face with Jim Bidzos
The Rise of RSA Data Security
Working with Big Jim
A Pretty Good Program
The Anti-Crime Bill S.266
The Birth of PGP-Version 1.0
PGP Grows Up
Bass-O-Matic
The Real Thing-PGP Version 2.0
The Cypherpunks
PEM, RSAREF, and RIPEM
ViaCrypt
MIT Steps in
Throwing PGP into the Wind
The Federal Investigation of Zimmermann
Whither PGP?
RSA-129 Solved!

Chapter 5: Privacy and Public Policy
Wiretapping and the U.S. Government
The FBI's Digital Telephony Plan
The Untold Cost of Digital Telephony
Return of Digital Telephony
Where's the Beef?
An Information Superhighway that's "Wired for Sound"
The NSA's Clipper Chip
Inside Clipper
Who Gets the Keys?
The Battle over Clipper and the EES
Problems with Clipper

Chapter 6: Cryptography Patents and Export
Patents and Policy
Export: 40 Bits is not Enough!
The Digital Signature Standard
The Battle over the DSS
The DSS and Patents
The Fall of PKP?
The Cylink Lawsuit
The Schlafly Lawsuit

Part III: Using PGP

Chapter 7: Protecting Your Files
Encrypting and Decrypting Files
Encrypting a File
Making a Mistake
Erasing the Original File (-w Option)
Retrieving Your Encrypted File (Default Option)
The Pass Phrase
Should You Use a Different Pass Phrase for Every File?
How to Pick a Pass Phrase
Good Pass Phrases
Why Use a Long Pass Phrase?


Chapter 8: Creating PGP Keys
Making Public Key Cryptography Work
The Theory Behind the Keys
Using PGP to Create Keys (-kg Option)
Choosing the Length of Your Public Key
Entering Your User ID
Picking Your Pass Phrase
Creating Randomness
What If PGP Won't Generate Keys?
PGP Key Rings: A Place for Your Keys


Chapter 9: Managing PGP Keys
Secret and Public Key Rings
Viewing Keys (-kv Option)
Viewing Keys on Your Public Key Ring
Viewing Keys on Your Secret Key Ring
Viewing Keys on Other Key Rings
Getting More Information about Keys (-kvc Option)
Changing Your Key Certificate (-ke Option)
Changing Your Pass Phrase
Changing Your User ID (-ke Option)
Editing with Options
Changing Your User ID (-ke and -kr Options)
Giving Your Public Key to Someone
Copying Your Public Key Ring
Extracting Your Public Key (-kx Option)
Extracting Printable Keys with ASCII Armor (-kxa Option)
Using Filter Mode (-f Option)
Extracting Multiple Keys into a Single ASCII-Armored File
Adding Keys to Key Rings (-ka Option)
Adding Someone's Key to Your Public Key Ring
Adding a Key to a Specified Key Ring
No Duplicates Allowed
Removing Keys from Key Rings (-kr Option)
Removing Keys from Your Public Key Ring
Removing Keys from a Specified Key Ring
A Starter Set of Public Keys


Chapter 10: Encrypting Email
Sending Encrypted Email
Step 1: Creating the Message
Creating a message with your word processor
Creating a message from the keyboard
Running PGP in filter mode
Step 2: Getting the Recipient's Public Key
Step 3: Encrypting the Message (-e Option)
Step 4: Sending the Message
Doing It All at Once (-f Option)
Encrypting and Sending a Message at the Same Time
Typing, Encrypting, and Sending at the Same Time
Receiving Encrypted Email
Decrypting Email
Changing the Output File (-o Option)
Viewing the Decrypted File (-m Option)
User Unknown
Sending and Receiving Huge Documents
Changing the Size of Armored Files
Sending an Encrypted File to a Mailing List
Encrypting and Sending to Multiple People
Adding Yourself to the Mailing List
Adding Yourself Automatically to the List


Chapter 11: Using Digital Signatures
How Do Digital Signatures Work?
The MD5 Message Digest Function
Message Digests and Public Key
RSA Digital Signatures
PGP's Digital Signatures
Signing a Message (-s Option)
Verifying a Digital Signature
Selecting from Multiple Secret Keys (-u Option)
Signing and Encrypting a Message (-se Option)
Receiving Signed Mail
Creating Detached Signatures (-sb Option)


Chapter 12: Certifying and Distributing Keys
Forged Keys
The Web of Trust
Adding a Key with Signatures (-ka Option)
Adding a Key for Phil's Pretty Good Pizza
The fingerprint
The certification
Adding a Key for Terrence Talbot, Esq.
Levels of trust
Adding a Key for Sam Spade
Viewing Signatures
Checking Your Keys and Signatures (-kc Option)
Checking Your Keys and Signatures (-kvv Option)
Checking all the Fingerprints for Your Keys (-kvc Option)
Changing Your Trust in a Person (-ke Option)
Why Change the Level of Trust?
Specifying a Different Key Ring
Signing a Key (-ks Option)
Signing with a Different Secret Key (-u Option)
Removing a Signature (-krs Option)
Unknown Signers
Certifying the Keys in keys.asc (Version 2.6.1)


Chapter 13: Revoking, Disabling, and Escrowing Keys
Revoking Your Public Key
What is a Key Revocation Certificate?
Making a Key Revocation Certificate (-kd Option)
Questions about Revoking Keys
Disabling a Public Key (-kd Option)
A Manual System for Escrowing Keys
Simple Key Escrow
Split-Key Escrow


Chapter 14: PGP Configuration File
What is the PGP Configuration File?
Where is the Configuration File?
Editing the Configuration File
Specifying a Configuration Variable on the Command Line
Inside the PGP Configuration File
Configuration Variable Summary


Chapter 15: PGP Internet Key Servers
Communicating with a Key Server
Key Server Commands
Getting Help
Finding out Who is on the Server
Adding Your Key to the Server
Getting a Public Key from the Server
Getting a Set of Public Keys
Getting Updated Keys
Where are the Key Servers?

Part IV: Appendices

A. Getting PGP
Getting PGP from MIT
What to Type
Other Ways of Getting PGP
University of Hamburg: Lots of Crypto Resources
University of California at Berkeley: The Cypherpunks
Netcom: The PGP FAQ and Other Information
Electronic Frontier Foundation
Other Sources

B. Installing PGP on a PC
Choosing a Directory
Unpacking PGP
Verifying Your Copy of PGP
Setting up the PGP Environment on a PC
PGPPATH Environment Variable
TZ Environment Variable
A Sample autoexec.bat File
Creating Your Secret Key/Public Key Pair

C. Installing PGP on a UNIX System
Unpacking PGP on UNIX
Getting a C Compiler
Building the RSAREF Library
Building PGP
Verifying Your Copy of PGP
Finishing the PGP Installation Under UNIX
The Dangers of Using PGP in a Multi-User Environment

D. Installing PGP on a Macintosh
Getting MacPGP
Installing MacPGP
Copying the File
Decoding the File
Creating a Setup Folder
Creating a PGP Folder
Launching MacPGP
Creating Your Keys
Adding Keys to Your Key Ring
MacBinarizing the Distribution
Certifying the Keys

E. Versions of PGP

F. The Mathematics of Cryptography
How Diffie-Hellman Works
How RSA Works
The Security of RSA
How Large is Very Large?
How Random is Random?
Dr. Ron Rivest on the Difficulty of Factoring
Abstract
Factoring Algorithms
Costs of Computation
Results
Conclusions
How PGP Picks Primes

Glossary

Bibliography
Books
Papers and Other Publications
Electronic Resources

Index

List of Figures
1-1: Threats to your message
1-2: Paper mail, with envelopes, provides privacy
1-3: Email, like postcards, offers little privacy
1-4: Information on a PGP public key certificate
1-5: PGP key rings
1-6: A digital signature
2-1: A simple example of encryption
2-2: Freemason cipher
2-3: George Washington's codebook
2-4: One-time pad
2-5: Brute force attack
2-6: Private key cryptography with three people
2-7: Private key cryptography with five people
2-8: Private key cryptography with a key distribution center
2-9: A session key from the KDC allows secure communication
2-10: Public key cryptography
7-1: Encrypting and decrypting a file
10-1: Encrypting email
10-2: Decrypting email
11-1: Signing a message
11-2: Verifying a message
11-3: Signing and encrypting a message
11-4: Decrypting and verifying a signature
12-1: The web of trust
D-1: MacPGP self-extracting archive
D-2: MacPGP distribution folder
D-3: Files in the MacPGP folder
D-4: PGP window used for messages
D-5: Key menu (Generate key... option)
D-6: Picking a key size
D-7: Typing a pass phrase
D-8: Key menu (Add keys... option)
D-9: Adding keys from the keys.asc file
D-10: Adding keys to the pubring.pgp file
D-11: File menu (MacBinarize... option)
D-12: MacBinarizing the MacPGP2.6-Installer file
D-13: File menu (Open/Decrypt... option)
D-14: Selecting a file for certification
D-15: Specifying the filename for certification
D-16: Specifying the filename again for certification
E-1: Versions of PGP


List of Tables
3-1: Time required to break a DES-encrypted message
6-1: The public key cryptography patents
F-1: Number of MIPS-years that can be bought for $1000 for low, average, and high levels of technological growth
F-2: Number of MIPS-years that can be purchased by an attacker, combining money available and technological growth estimates
F-3: Number of MIP-years required to factor a number in low, average and high scenarios
F-4: Size of a number (in bits) that an attacker would be able to factor at various points of time under various scenarios
